Monday, 22 November 2010

Kerberos Authentication in Cisco Unified Videoconferencing Manager: Too large SPNEGO Token

Cisco Unified Videoconferencing Manager (CUVCM) is the current Cisco videoconferencing manager product (Radvision OEM), which means it won't be the future product, since it will be replaced by Tandberg VCS and TMS, I guess (this actually makes a lot of sense).
Still, there is quite an installed base of this product in the field, and there will be one for quite some time in the future. So for those who have an installation and want to replace the built-in NTLMv1 SSO, here is a caveat I fought with:
Basically the setup is pretty straightforward, just go according to the guide here:
www.cisco.com/en/US/docs/video/cuvcm/7_1/configuration_guide/kerberoscuvcm71.pdf

Some things to look at in detail:
->Make sure the principal matches your hostname
->Sniff traffic on the CUVCM server to make sure you are hitting the right Domain Controller


For us it still did not work initially. After searching together with TAC for a long time, a Linux server admin at the customer put us on the right track for resolution:
The customer had a relatively large AD with multiple domains. Therefore the SPNEGO header used for Kerberos became comparatively large.

It turns out that Tomcat (and quite a lot of other web servers) limits the maximum size of the HTTP header it will process. The large SPNEGO token pushed us over that limit.

To change that HTTP header limit in the Tomcat SAR (CUVCM actually uses JBoss, which uses Tomcat as its embedded servlet container):
Open the following file:
\JBOSS_DIR\server\default\deploy\jbossweb-tomcat55.sar\server.xml 

Change the value of maxHttpHeaderSize to something larger than the default of 8192 (8 KB), e.g. 16384 or 32768.
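
To check whether a captured request fits before and after the change, the following added example (not part of the original post or of any Cisco or JBoss tooling) reads maxHttpHeaderSize from each Connector in a server.xml and compares it with the size of a request's header block. The XML, host name and token are constructed samples, and treating the limit as covering the request line plus all headers is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml with two connectors (values illustrative).
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" maxHttpHeaderSize="8192"/>
    <Connector port="8443" scheme="https" secure="true"/>
  </Service>
</Server>"""

def connector_limits(server_xml):
    """Return {port: maxHttpHeaderSize or None if unset} for every <Connector>."""
    limits = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("maxHttpHeaderSize")
        limits[conn.get("port")] = int(raw) if raw is not None else None
    return limits

def header_block_size(raw_request):
    """Bytes from the request line through the blank line that ends the headers."""
    end = raw_request.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("no end-of-headers marker found")
    return end + 4

def negotiate_token_size(raw_request):
    """Decoded size of the token in 'Authorization: Negotiate <base64>', else 0."""
    head = raw_request[:header_block_size(raw_request)]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        scheme, _, token = value.strip().partition(b" ")
        if name.strip().lower() == b"authorization" and scheme.lower() == b"negotiate":
            return len(base64.b64decode(token.strip()))
    return 0

def build_sample_request(token_bytes):
    """Constructed request carrying a dummy (all-zero) token of the given size."""
    token = base64.b64encode(b"\x00" * token_bytes)
    return (b"GET / HTTP/1.1\r\nHost: cuvcm.example.test\r\n"
            b"Authorization: Negotiate " + token + b"\r\n\r\n")

def fits(raw_request, limit):
    """Assumption: the limit is a byte budget for request line plus all headers."""
    return header_block_size(raw_request) <= limit

if __name__ == "__main__":
    req = build_sample_request(9000)  # base64 inflates 9000 bytes to 12000 chars
    for port, limit in connector_limits(SAMPLE_SERVER_XML).items():
        verdict = "unset" if limit is None else ("ok" if fits(req, limit) else "too large")
        print(port, limit, header_block_size(req), negotiate_token_size(req), verdict)
```

Raise the limit only as far as the measured header size requires, since the value also determines how much header data the server buffers for each request before authentication completes.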


